Links
Comment on page

CrowdSec

CrowdSec is a free, open-source and collaborative IPS. Analyze behaviors, respond to attacks & share signals across the community.
Video
Useful Links
Related Videos
Credits
Writer / Producer
Hawks
Contributor
Momas
Testing / Proofreading
Sycotix
Testing / Proofreading
DiscDuck
Testing / Proofreading
Momas
Unraid Component Writer
Voz De Ouro
Thank you for choosing to collaborate with IBRACORP
🙏
Please read our disclaimer https://docs.ibracorp.io/#disclaimer.

What is Crowdsec?

CrowdSec is a free, open-source, and collaborative IPS. Analyze behaviors, respond to attacks & share signals across the community.

Where did CrowdSec come from?

Thibault & Philippe, 2 of CrowdSec founders, used to work in high-security hosting, which was kind of a new field back in the 2010s. They designed a stack of protection that would also block IPs that made violations.
One day, one of their clients, a famous sports-oriented e-commerce shop, was under attack. It was not a real problem since it was protected by a robust stack, but the hacker used more than 3,000 IP addresses to try to aggress the website. At this exact moment came this idea that would be the genesis of CrowdSec.

“What if we share those IPs with our peers and colleagues in the industry? That would cripple this hacker’s operations even further, right?”

This was the starting point of a long journey, involving a lot of great minds in designing a lightweight product, Waze-like, that would not only block attacks but also share IPs with all its user community.
“Safer together” was born. The team started to gather around this idea that instead of being isolated sitting ducks, waiting to be picked one by one by the enemy, we could rather organize a sort of Internet neighborhood watch.

Feature List

  • Easy to Set up and Use - CrowdSec is easy to install, deploy and use regardless of your knowledge. You don't need to be a security master to enjoy its full capabilities.
  • Replayable - CrowdSec is able to process both live and old logs, which makes it false-positive resilient.
  • Observable - CrowdSec is instrumented with Metabase & Prometheus to generate out-of-the-box dashboards and monitor activity across your assets.
  • API-Driven - All components communicate via HTTP API, making it easy to cover complex setups.
  • Participative - You can share malevolent IP data with your fellow users, have each other's backs and outnumber hackers.
  • Open Source - CrowdSec is as open source and free as it can be through an MIT licence. No back doors. No shenanigans.

Detected Behaviours

  • Applicative DDoS
  • Drive-by download
  • Resource abuse
  • Credentials Brute-forcing
  • PHP-based Armageddon
  • Port scans
  • Web scans
  • Credentials stuffing
  • Bot scraping
  • Targeted attacks

Special Thanks

  • Momas for their input and guidance.
  • Our Discord community and our Community Leaders DiscDuck and Sycotix for their input and documentation.
Please support the developers and creators involved in this work to help show them some love.

Final Words

We hope you enjoyed this guide. It was conceptualized by Momas, written, and implemented by our Community Leader Hawks.

Support Us

Our work sometimes takes months to research and develop. If you want to help support us please consider:

Thank you for being part of our community!

Last modified 1yr ago